Well, the risks are the same on DSL/Cable as they are on any
Internet-connected link (including dialup) without a firewall. Firewalls
help you to implement a policy of 'least-privilege' on your link--ensuring
that only the services that you want to be advertised to the world are,
thereby preventing services that shouldn't be advertised (e.g. anything
windows). The risk is, of course, getting broken into or becoming the
victim of a denial-of-service attack via a service that is advertised but
shouldn't be.
A simple packet filtering firewall is enough (and a 486 running *BSD or
linux is cheap and effective, albeit difficult for Joe User to implement
because he/she doesn't understand TCP/IP, UNIX, firewalling, protocols,
etc. enough to configure it at all, let alone correctly). Most home users
are surf-only so they don't need to advertise _any_ services and could
benefit from a firewall blocking _all_ connections from
the Internet. Another benefit of a firewall is the logging of
unauthorized access attempts...
With all of the unpatched bugs (unpatched because most uses of DSL and
Cable modems run windows and don't patch security holes) in windows and
windows-software (like ICQ, etc.), it doesn't bode well for the average
user. However, normal users don't really attract dedicated hacking
attacks so the risk is mainly from hackers that probe wide ranges of
addresses looking for arbitrary vulnerable hosts (which is quite
frequent, actually).
-Jason
On Wed, 17 Nov 1999, Lisa Cabon wrote:
> Date: Wed, 17 Nov 1999 09:08:48 -0800
> From: Lisa Cabon <[EMAIL PROTECTED]>
> To: Firewalls List <[EMAIL PROTECTED]>
> Subject: DSL vulnerabilities
>
> Hi,
>
> I'm doing a paper on possible reasons why one would want to use a personal
> firewall or some such behind a DSL router in a small business or home
> office. I'm doing a lot of research on the Net and other fora also, but I
> thought I'd ask what people's opinions are of using DSL *without* a
> firewall. What are some of the risks? And what types of firewalls might be
> the best bet for this situation, if one is needed?
>
> Thanks,
> Lisa
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
